Privacy policy for the "ENKORO" app
1. scope of application of the privacy policy
This privacy policy applies to our apps for mobile operating systems and devices (hereinafter referred to as "app").
It explains the type, purpose and scope of data collection in the context of app use.
Please note that when downloading our app via an AppStore, you must register or identify yourself with the respective AppStore operator (e.g. via a Google or Apple ID).
The data protection guidelines and terms of use of the AppStore operators apply, which may differ from the data protection laws of the European Union.
We have no influence on these data protection guidelines.
We reserve the right to amend these data protection provisions at any time in compliance with legal requirements.
2. responsible body
The controller for the data processing described in this privacy policy is
Peloton Informationstechnologie GmbH
Finkenweg 7
65843 Sulzbach
Germany
Phone: +49 6196 524 39 33
E-mail: info@peloton-it.de
3. type, scope, purpose and legal basis of data processing
Purpose and legal basis of data processing
Unless more specific provisions are made in this privacy policy, we process your personal data in the context of app use in order to provide the functionalities of the app, to ensure the security of the app or – if necessary and legally permitted – to contact you.
The legal basis is Art. 6 para.
1 lit.
b GDPR (performance of a contract) and our legitimate interest in providing a functional app (Art. 6 para. 1 lit. f GDPR).
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para.
1 lit.
a GDPR and Section 25 para.
1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. for device fingerprinting) within the meaning of the TDDDG.
Consent can be revoked at any time.
Details can be found in the following explanations.
Processed data categories
If you use this app, the following personal data will be processed by you:
– First and last name
– Address
– Date of birth
– Place of birth
– Gender
– User name
– Email address
– Mobile phone number
– Profile picture
– Chat histories
– Billing and contract data
– Data that you enter in the chat or contact forms
– IP addresses
– Metadata
– Device IDs
– Device number and device type of the smartphone / end device
This data is collected for the performance of the user contract between us and the app users (Art. 6 para. 1 sentence 1 lit. b GDPR).
With regard to the voluntary information, data processing is also carried out on the basis of Art. 6 para.
1 sentence 1 lit.
f GDPR.
We have a legitimate interest in the collection of data voluntarily provided by our users.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para.
1 lit.
a GDPR and § 25 para.
1 TDDDG.
Consent can be revoked at any time.
Registration
You can register in the app to use additional functionalities of the app.
We will only use the data you enter for the purpose of using the respective offer or service for which you have registered.
The mandatory information requested during registration must be provided in full.
Otherwise we will reject the registration.
In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The data entered during registration is processed for the purpose of implementing the user relationship established by the registration and, if necessary, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).
The data collected during registration will be stored by us for as long as you are registered on this app and will then be deleted.
Legal retention periods remain unaffected.
For registration with a Google account, the provider is Google Ire-land Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://play.google.com/store/apps?hl=de. If you register with your social media account, you only need to enter your respective social media account name and the corresponding password.
Your account in our app will then be automatically completed with the data stored in the respective social media profile.
The use of the social media registration function is in our legitimate interest to make the re-registration process as easy as possible for our users (Art. 6 para. 1 lit. f GDPR).
As the use of the registration function is voluntary and the users themselves can decide on the respective access options, no conflicting overriding rights of the data subjects are apparent.
For registration with an Apple account, the provider is Apple Inc, In-finite Loop, Cupertino, CA 95014, USA, https://www.apple.com/de/ios/app-store/. You can find the privacy policy at: https://www.apple.com/legal/privacy/de-ww/. When you register with your social media account, you only need to enter your respective social media account name and the corresponding password. Your account in our app will then be automatically completed with the data stored in the respective social media profile. The use of the social media registration function is in our legitimate interest to make the registration process as easy as possible for our users (Art. 6 para. 1 lit. f GDPR). As the use of the registration function is voluntary and the users themselves can decide on the respective access options, no conflicting overriding rights of the data subjects are apparent.
To register with a Facebook account, you can register with Fa-cebook Connect.
The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
The privacy policy can be found at: https://www.facebook.com/privacy/policy/Wenn If you register with your social media account, you only need to enter your social media account name and the corresponding password.
Your account in our app will then be automatically completed with the data stored in the respective social media profile.
The use of the social media registration function is in our legitimate interest to make the registration process as easy as possible for our users (Art. 6 para. 1 lit. f GDPR).
Since the use of the registration function is voluntary and the users themselves can decide on the respective access options, no conflicting overriding rights of the data subjects are apparent.
Access rights of the app
To provide our services, the app requests the access rights listed below, which enable us to access certain functions of your device.
- Photos, videos.
Access is granted.
for the following purpose: transfer (up-load) of manually selected image and video material for display in individual groups of the app - Camera.
Access is for the following purpose: Transfer (upload) of manually selected image and video material for display in individual groups of the app
The access authorizations granted are used exclusively to provide the associated app functionalities.
The data may be processed by the providers of the app stores.
The legal basis for access is your consent, which you gave during installation (Art. 6 para. 1 lit. a GDPR).
You can change the app’s access permissions at any time.
In this case, however, the app or certain app functions may no longer work properly.
InApp purchases
Within the app, you have the option of purchasing additional services (in-app purchases).
The purchase is therefore made via the AppStore, which is therefore also responsible under data protection law.
Details can be found in the respective privacy policies of the AppStore.
In the case of in-app purchases, you will be forwarded to the provider of your AppStore.
These may be the following app stores:
– Apple App Store: Apple Inc, Infinite Loop, Cupertino, CA 95014, USA, https://www.apple.com/de/ios/app-store/. The privacy policy can be found at: https://www.apple.com/legal/privacy/de-ww/.
– Google Play: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, https://play.google.com/store/apps?hl=de. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, so that a transfer of your data to the USA cannot be ruled out.
You can find the privacy policy at: https://policies.google.com/privacy.
Contact us
If you contact us (e.g. via the contact form, by email, telephone or via another channel), we will store and process your request, including all resulting personal data (e.g. name, request) for the purpose of processing your request.
This data is processed on the basis of Art. 6 para.
1 lit.
b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.
The data you send to us via a contact request will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed).
Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Interaction with other app users
Users can interact with each other in the app via a comment function.
When you use the comment function in our app, the messages you send and the associated metadata (e.g. timestamp) are processed.
We process the following personal data:
- Name or username,
- News content,
- Time of the message.
The data is processed for the purpose of providing and ensuring the comment function.
The legal basis for the processing of the data is Art. 6 para.
1 lit.
b GDPR, as the processing is necessary for the performance of a contract, namely the use of our app.
We only store your messages for the period necessary to provide the service.
After termination of the user relationship, your data will be deleted within a reasonable period of time, provided that there are no legal retention periods to the contrary.
Your chat data will not be passed on to third parties unless this is necessary to fulfill the contract or you have expressly consented to this.
Your messages are transmitted via encrypted connections.
We use technical and organizational measures to protect your data from unauthorized access.
Encryption
This app uses encryption for security reasons and to protect the transmission of confidential content.
This encryption prevents the data you transmit from being read by unauthorized third parties.
Hosting
The app itself is hosted by the provider of the app store from which you downloaded the app.
The user data recorded in the app is stored by our hoster.
Our hoster is:
Concept Infoway LLC
124 Riverland Woods Ct
Simpsonville, SC 29681
accounts@conceptinfoway.com
+1 (832) 290-9522
www.conceptinfoway.com
We have concluded an order processing contract with our hoster, which guarantees that it processes the data on the basis of our instructions and in compliance with the GDPR.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Reporting inappropriate content
App users can report inappropriate content to us if they are of the opinion that content or statements by other app users or other content violates our guidelines, general laws or common decency.
Such a report will only be sent to us and checked by us.
Third parties cannot trace who made the report.
We will review each report and, if necessary, remove the reported content and/or impose appropriate sanctions on the persons responsible.
If we process special categories of data (e.g. when checking statements on political convictions), the processing is carried out on the basis of Art. 9 para.
2 lit. e GDPR (in the case of data that the data subject has made public themselves, for example in the case of corresponding statements in chat groups) and otherwise on the basis of Art. 9 para.
2 lit.
f GDPR (assertion, exercise and defense of legal claims).
In all other cases, we process the data on the basis of Art. 6 para.
1 lit.
f GDPR, as it is in our legitimate interest to respond to inappropriate content or behavior.
We will delete unfounded reports immediately after checking them.
Justified reports will be deleted after the purpose has been fulfilled.
4. storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies.
A discontinuation of the purpose regularly occurs when you log out of the app.
If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.
Data that is stored exclusively on your end device remains there until you delete it yourself.
5. automated decision making
No automated decision-making takes place.
6. your rights
You are entitled to the following data protection rights within the framework of the GDPR:
Right to information (Art. 15 GDPR): You have the right to request information about your personal data stored by us.
Right to rectification (Art. 16 GDPR): You have the right to request the rectification of inaccurate personal data concerning you.
Taking into account the purpose of processing, you also have the right to request the completion of incomplete personal data.
Right to erasure (Art. 17 GDPR): You have the right to request the erasure of your personal data.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of the processing of personal data concerning you.
Right to data portability (Art. 20 GDPR): You have the right to have personal data that we process automatically, on the basis of your consent or in fulfillment of a contract, handed over to you or to another controller in a commonly used, machine-readable format.
If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
Right to withdraw your consent (Art. 7 para. 3 GDPR): If you have given your consent to the processing of your data, you have the right to withdraw it at any time with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): If you are of the opinion that we are not complying with data protection regulations when processing your personal data, you have the right to lodge a complaint with a data protection authority.
In cases in which data processing is based on Art. 6 para.
1 sentence 1 lit.
e or f GDPR, you have the right to object to the data processing on grounds relating to your particular situation (right to object pursuant to Art. 21 GDPR
GatewayAPI
In providing our services, Peloton IT GmbH uses GatewayAPI to send messages (e.g., SMS, emails) to our users. In doing so, personal data is processed to make communication efficient and targeted.
- We utilize the services of:
ONLINECITY.IO ApS
Buchwaldsgade 50
5000 Odense C, Denmark
VAT-ID: DK-27364276 - Processed Data
When using GatewayAPI, the following personal data may be processed:- Phone numbers
- Email addresses
- Contents of sent messages
- Data Processing Agreement
We have entered into a data processing agreement with ONLINECITY.IO ApS, which ensures that ONLINECITY.IO processes the data in accordance with applicable data protection laws and implements appropriate technical and organizational measures to protect your data. - Purpose of Data Processing
The processing of your data is carried out for the purpose of providing communication services, sending information, and fulfilling your requests. - Legal Basis
The processing of personal data is based on your consent as well as the fulfillment of a contract, which includes the services provided. - Data Transfer
Your personal data will not be transferred to third parties unless this is necessary for the provision of services or required by law. - Data Security
We place great importance on the protection of your personal data and implement appropriate technical and organizational measures to secure it. - Rights of Data Subjects
You have the right to access, rectify, and delete your personal data, as well as the right to restrict processing and to object to processing.
For further information on data processing by GatewayAPI and your rights, we recommend consulting the GatewayAPI privacy policy.
Google Analytics
To optimize our website and improve our services, we use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics automatically collects data about the use of our website to conduct statistical evaluations.
Processed Data
The following data may be processed by Google Analytics:- IP addresses (anonymized)
- Pages visited within our domain
- Duration of visits on the pages
- Referral source
- Timestamp of the visits
- Device information and operating systems
Purpose of Data Processing
The data processing is conducted for the purpose of analyzing the use of our website, creating reports on website activities, and continuously improving our website.Legal Basis
The processing of personal data is based on your consent, which you provide by using our website.Data Processing Agreement
We have entered into a data processing agreement with Google, which ensures that Google processes the data in compliance with applicable data protection laws and takes appropriate technical and organizational measures to protect your data.Data Transfer
The data collected by Google Analytics is generally transferred to a Google server in the USA and stored there. Google will not associate your IP address with other data held by Google.Anonymization
We have enabled the IP anonymization feature of Google Analytics. This means that your IP address will be shortened within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being stored.Data Security
Google provides appropriate guarantees for data protection and data security in accordance with the General Data Protection Regulation (GDPR).Opt-Out Option
You can prevent the storage of cookies by adjusting your browser software settings; however, we would like to point out that in this case, you may not be able to use all the features of our website in full. Additionally, you have the option to prevent the collection by Google Analytics by downloading and installing the browser add-on for deactivating Google Analytics.Rights of the Data Subjects
You have the rights to access, rectification, and deletion of your personal data, as well as the right to restrict processing and to object to processing.
For more information on Google Analytics and data protection, you can view Google’s privacy policy at https://policies.google.com/privacy.
Freshdesk
We use the communication tool Freshdesk. The service provider is Freshworks Inc. , 2950 S. Delaware Street, Suite 201San Mateo, CA 94403+1 855 747 6767,
Branch office in Germany:
Neue Grünstraße 1710179 Berlin+49 305 884 9246
Why do we use Freshdesk?
The primary reason for using Freshdesk is the centralised management of all customer enquiries. The tool makes administration and processing more efficient and faster, which is an advantage for you as a customer. In addition, certain processes can be automated, which opens up the possibility of dealing with more complex enquiries in a timely manner. Another advantage is the possibility of integrating other systems, such as a CRM or project management system.
How secure is the data transfer at Freshdesk?
Freshdesk or Freshworks processes your data in the USA, among other places. Freshworks is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data of EU citizens to the USA. Further information can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Freshworks uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). With the EU-US Privacy Shield Framework and the Standard Contractual Clauses, Freshworks commits to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The Data Processing Addendum, which is part of the standard contractual clauses, can be found at https://www.freshworks.com/data-processing-addendum/.
Further information on the data processed when using Freshdesk can be found in the privacy policy at https://www.freshworks.com/privacy/?tid=139606326.
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
